swissmakers_gmbh/fail2ban-ui
12
1
Fork 0
mirror of https://github.com/swissmakers/fail2ban-ui.git synced 2026-04-11 13:47:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added basic OPNsense integration, and fixed PfSense API by changing from X-API-Key and X-API-Secret headers to only x-api-key header (lowercase as specified in v2 API docs)

Browse Source
This commit is contained in:
Michael Reber
2026-01-14 17:44:56 +01:00
parent 8ed18f2473
commit 325ddc2733
13 changed files with 311 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/config/settings.go
View File

@@ -90,6 +90,7 @@ type AdvancedActionsConfig struct {
Integration string `json:"integration"` Integration string `json:"integration"`
Mikrotik MikrotikIntegrationSettings `json:"mikrotik"` Mikrotik MikrotikIntegrationSettings `json:"mikrotik"`
PfSense PfSenseIntegrationSettings `json:"pfSense"` PfSense PfSenseIntegrationSettings `json:"pfSense"`
OPNsense OPNsenseIntegrationSettings `json:"opnsense"`
} }
type MikrotikIntegrationSettings struct { type MikrotikIntegrationSettings struct {
@@ -109,6 +110,14 @@ type PfSenseIntegrationSettings struct {
SkipTLSVerify bool `json:"skipTLSVerify"` SkipTLSVerify bool `json:"skipTLSVerify"`
} }
type OPNsenseIntegrationSettings struct {
BaseURL string `json:"baseUrl"`
APIKey string `json:"apiKey"`
APISecret string `json:"apiSecret"`
Alias string `json:"alias"`
SkipTLSVerify bool `json:"skipTLSVerify"`
}
func defaultAdvancedActionsConfig() AdvancedActionsConfig { func defaultAdvancedActionsConfig() AdvancedActionsConfig {
return AdvancedActionsConfig{ return AdvancedActionsConfig{
Enabled: false, Enabled: false,

13
internal/integrations/mikrotik.go
View File

@@ -97,7 +97,18 @@ func (m *mikrotikIntegration) runCommand(req Request, command string) error {
address := net.JoinHostPort(cfg.Host, fmt.Sprintf("%d", port)) address := net.JoinHostPort(cfg.Host, fmt.Sprintf("%d", port))
client, err := ssh.Dial("tcp", address, clientCfg) client, err := ssh.Dial("tcp", address, clientCfg)
if err != nil { if err != nil {
return fmt.Errorf("failed to connect to mikrotik: %w", err) // Provide more specific error messages for common connection issues
if netErr, ok := err.(net.Error); ok {
if netErr.Timeout() {
return fmt.Errorf("connection to mikrotik at %s timed out: %w", address, err)
}
}
if opErr, ok := err.(*net.OpError); ok {
if opErr.Err != nil {
return fmt.Errorf("failed to connect to mikrotik at %s: %v (check host, port %d, and network connectivity)", address, opErr.Err, port)
}
}
return fmt.Errorf("failed to connect to mikrotik at %s: %w (check host, port %d, username, and credentials)", address, err, port)
} }
defer client.Close() defer client.Close()

128
internal/integrations/opnsense.go Normal file
View File

@@ -0,0 +1,128 @@
package integrations
import (
"bytes"
"crypto/tls"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"strings"
"time"
"github.com/swissmakers/fail2ban-ui/internal/config"
)
type opnsenseIntegration struct{}
func init() {
Register(&opnsenseIntegration{})
}
func (o *opnsenseIntegration) ID() string {
return "opnsense"
}
func (o *opnsenseIntegration) DisplayName() string {
return "OPNsense"
}
func (o *opnsenseIntegration) Validate(cfg config.AdvancedActionsConfig) error {
if cfg.OPNsense.BaseURL == "" {
return fmt.Errorf("OPNsense base URL is required")
}
if cfg.OPNsense.APIKey == "" || cfg.OPNsense.APISecret == "" {
return fmt.Errorf("OPNsense API key and secret are required")
}
if cfg.OPNsense.Alias == "" {
return fmt.Errorf("OPNsense alias is required")
}
return nil
}
func (o *opnsenseIntegration) BlockIP(req Request) error {
if err := o.Validate(req.Config); err != nil {
return err
}
return o.callAPI(req, "add", req.IP)
}
func (o *opnsenseIntegration) UnblockIP(req Request) error {
if err := o.Validate(req.Config); err != nil {
return err
}
return o.callAPI(req, "del", req.IP)
}
func (o *opnsenseIntegration) callAPI(req Request, action, ip string) error {
cfg := req.Config.OPNsense
// OPNsense uses /api/firewall/alias_util/{action}/{alias_name}
apiURL := strings.TrimSuffix(cfg.BaseURL, "/") + fmt.Sprintf("/api/firewall/alias_util/%s/%s", action, cfg.Alias)
// Request body for OPNsense
payload := map[string]string{
"address": ip,
}
data, err := json.Marshal(payload)
if err != nil {
return fmt.Errorf("failed to encode OPNsense payload: %w", err)
}
httpClient := &http.Client{
Timeout: 10 * time.Second,
}
if cfg.SkipTLSVerify {
httpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // #nosec G402 - user controlled
}
}
reqLogger := "OPNsense"
if req.Logger != nil {
req.Logger("Calling OPNsense API %s action=%s payload=%s", apiURL, action, string(data))
}
httpReq, err := http.NewRequest(http.MethodPost, apiURL, bytes.NewReader(data))
if err != nil {
return fmt.Errorf("failed to create OPNsense request: %w", err)
}
httpReq.Header.Set("Content-Type", "application/json")
// OPNsense uses Basic Auth with API key as username and API secret as password
auth := base64.StdEncoding.EncodeToString([]byte(cfg.APIKey + ":" + cfg.APISecret))
httpReq.Header.Set("Authorization", "Basic "+auth)
resp, err := httpClient.Do(httpReq)
if err != nil {
// Provide more specific error messages for connection issues
if netErr, ok := err.(interface {
Timeout() bool
Error() string
}); ok && netErr.Timeout() {
return fmt.Errorf("OPNsense API request to %s timed out: %w", apiURL, err)
}
return fmt.Errorf("OPNsense API request to %s failed: %w (check base URL, network connectivity, and API credentials)", apiURL, err)
}
defer resp.Body.Close()
// Read response body for better error messages
bodyBytes, _ := io.ReadAll(resp.Body)
bodyStr := strings.TrimSpace(string(bodyBytes))
if resp.StatusCode >= 300 {
if bodyStr != "" {
return fmt.Errorf("OPNsense API request failed: status %s, response: %s", resp.Status, bodyStr)
}
return fmt.Errorf("OPNsense API request failed: status %s (check API credentials and alias name)", resp.Status)
}
if req.Logger != nil {
req.Logger("%s API call succeeded", reqLogger)
if bodyStr != "" {
req.Logger("%s API response: %s", reqLogger, bodyStr)
}
}
return nil
}

30
internal/integrations/pfsense.go
View File

@@ -5,6 +5,7 @@ import (
"crypto/tls" "crypto/tls"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io"
"net/http" "net/http"
"strings" "strings"
"time" "time"
@@ -30,8 +31,8 @@ func (p *pfSenseIntegration) Validate(cfg config.AdvancedActionsConfig) error {
if cfg.PfSense.BaseURL == "" { if cfg.PfSense.BaseURL == "" {
return fmt.Errorf("pfSense base URL is required") return fmt.Errorf("pfSense base URL is required")
} }
if cfg.PfSense.APIToken == "" || cfg.PfSense.APISecret == "" { if cfg.PfSense.APIToken == "" {
return fmt.Errorf("pfSense API token and secret are required") return fmt.Errorf("pfSense API key is required")
} }
if cfg.PfSense.Alias == "" { if cfg.PfSense.Alias == "" {
return fmt.Errorf("pfSense alias is required") return fmt.Errorf("pfSense alias is required")
@@ -92,21 +93,38 @@ func (p *pfSenseIntegration) callAPI(req Request, action string, payload map[str
return fmt.Errorf("failed to create pfSense request: %w", err) return fmt.Errorf("failed to create pfSense request: %w", err)
} }
httpReq.Header.Set("Content-Type", "application/json") httpReq.Header.Set("Content-Type", "application/json")
httpReq.Header.Set("X-API-Key", cfg.APIToken) // pfSense REST API v2 uses KeyAuth with x-api-key header only
httpReq.Header.Set("X-API-Secret", cfg.APISecret) httpReq.Header.Set("x-api-key", cfg.APIToken)
resp, err := httpClient.Do(httpReq) resp, err := httpClient.Do(httpReq)
if err != nil { if err != nil {
return fmt.Errorf("pfSense request failed: %w", err) // Provide more specific error messages for connection issues
if netErr, ok := err.(interface {
Timeout() bool
Error() string
}); ok && netErr.Timeout() {
return fmt.Errorf("pfSense API request to %s timed out: %w", apiURL, err)
}
return fmt.Errorf("pfSense API request to %s failed: %w (check base URL, network connectivity, and API credentials)", apiURL, err)
} }
defer resp.Body.Close() defer resp.Body.Close()
// Read response body for better error messages
bodyBytes, _ := io.ReadAll(resp.Body)
bodyStr := strings.TrimSpace(string(bodyBytes))
if resp.StatusCode >= 300 { if resp.StatusCode >= 300 {
return fmt.Errorf("pfSense request failed: status %s", resp.Status) if bodyStr != "" {
return fmt.Errorf("pfSense API request failed: status %s, response: %s", resp.Status, bodyStr)
}
return fmt.Errorf("pfSense API request failed: status %s (check API credentials and alias name)", resp.Status)
} }
if req.Logger != nil { if req.Logger != nil {
req.Logger("%s API call succeeded", reqLogger) req.Logger("%s API call succeeded", reqLogger)
if bodyStr != "" {
req.Logger("%s API response: %s", reqLogger, bodyStr)
}
} }
return nil return nil
} }

18
internal/locales/de.json
View File

@@ -188,12 +188,24 @@
"settings.advanced.mikrotik.password": "SSH-Passwort", "settings.advanced.mikrotik.password": "SSH-Passwort",
"settings.advanced.mikrotik.key": "SSH-Key-Pfad (optional)", "settings.advanced.mikrotik.key": "SSH-Key-Pfad (optional)",
"settings.advanced.mikrotik.list": "Address-Listenname", "settings.advanced.mikrotik.list": "Address-Listenname",
"settings.advanced.pfsense.note": "Benötigt das pfSense API-Paket. Verwende ein Token mit Alias-Rechten.", "settings.advanced.pfsense.note": "Benötigt das pfSense REST API-Paket. Gib den API-Schlüssel und den Alias-Namen ein.",
"settings.advanced.pfsense.install_link": "REST API-Paket installieren",
"settings.advanced.pfsense.api_key_setup": "API-Schlüssel einrichten",
"settings.advanced.pfsense.base_url": "Basis-URL", "settings.advanced.pfsense.base_url": "Basis-URL",
"settings.advanced.pfsense.token": "API-Token", "settings.advanced.pfsense.token": "API-Schlüssel",
"settings.advanced.pfsense.secret": "API-Secret", "settings.advanced.pfsense.token_hint": "Erstellen in System > REST API > Keys im pfSense webConfigurator",
"settings.advanced.pfsense.alias": "Alias-Name", "settings.advanced.pfsense.alias": "Alias-Name",
"settings.advanced.pfsense.skip_tls": "TLS-Validierung überspringen (Self-Signed)", "settings.advanced.pfsense.skip_tls": "TLS-Validierung überspringen (Self-Signed)",
"settings.advanced.opnsense.note": "Gib die OPNsense API-Anmeldedaten und den Alias-Namen ein.",
"settings.advanced.opnsense.api_docs": "API-Dokumentation",
"settings.advanced.opnsense.api_key_setup": "API-Schlüssel einrichten",
"settings.advanced.opnsense.base_url": "Basis-URL",
"settings.advanced.opnsense.key": "API-Schlüssel",
"settings.advanced.opnsense.key_hint": "Erstellen in System > Zugriff > Benutzer > API-Schlüssel",
"settings.advanced.opnsense.secret": "API-Geheimnis",
"settings.advanced.opnsense.secret_hint": "Zusammen mit dem API-Schlüssel erstellen",
"settings.advanced.opnsense.alias": "Alias-Name",
"settings.advanced.opnsense.skip_tls": "TLS-Validierung überspringen (Self-Signed)",
"settings.advanced.log_title": "Log der permanenten Sperren", "settings.advanced.log_title": "Log der permanenten Sperren",
"settings.advanced.log_empty": "Noch keine permanenten Sperren vorhanden.", "settings.advanced.log_empty": "Noch keine permanenten Sperren vorhanden.",
"settings.advanced.log_ip": "IP", "settings.advanced.log_ip": "IP",

18
internal/locales/de_ch.json
View File

@@ -188,12 +188,24 @@
"settings.advanced.mikrotik.password": "SSH-Passwort", "settings.advanced.mikrotik.password": "SSH-Passwort",
"settings.advanced.mikrotik.key": "SSH-Key-Pfad (optional)", "settings.advanced.mikrotik.key": "SSH-Key-Pfad (optional)",
"settings.advanced.mikrotik.list": "Adress-Lischtename", "settings.advanced.mikrotik.list": "Adress-Lischtename",
"settings.advanced.pfsense.note": "Bruucht s pfSense API-Päckli. Erstell es Token wo Aliase cha bearbeite.", "settings.advanced.pfsense.note": "Bruucht s pfSense REST API-Päckli. Gib dr API-Schlüssu und dr Alias-Name i.",
"settings.advanced.pfsense.install_link": "REST API-Päckli installiere",
"settings.advanced.pfsense.api_key_setup": "API-Schlüssu iirichte",
"settings.advanced.pfsense.base_url": "Basis-URL", "settings.advanced.pfsense.base_url": "Basis-URL",
"settings.advanced.pfsense.token": "API-Token", "settings.advanced.pfsense.token": "API-Schlüssu",
"settings.advanced.pfsense.secret": "API-Secret", "settings.advanced.pfsense.token_hint": "Erstelle i System > REST API > Keys im pfSense webConfigurator",
"settings.advanced.pfsense.alias": "Alias-Name", "settings.advanced.pfsense.alias": "Alias-Name",
"settings.advanced.pfsense.skip_tls": "TLS-Prüfig überspringe (Self-Signed)", "settings.advanced.pfsense.skip_tls": "TLS-Prüfig überspringe (Self-Signed)",
"settings.advanced.opnsense.note": "Gib d OPNsense API-Ameldedate und dr Alias-Name i.",
"settings.advanced.opnsense.api_docs": "API-Dokumentation",
"settings.advanced.opnsense.api_key_setup": "API-Schlüssu iirichte",
"settings.advanced.opnsense.base_url": "Basis-URL",
"settings.advanced.opnsense.key": "API-Schlüssu",
"settings.advanced.opnsense.key_hint": "Erstelle i System > Zuegriff > Benutzer > API-Schlüssu",
"settings.advanced.opnsense.secret": "API-Geheimnis",
"settings.advanced.opnsense.secret_hint": "Zämme mit em API-Schlüssu erstelle",
"settings.advanced.opnsense.alias": "Alias-Name",
"settings.advanced.opnsense.skip_tls": "TLS-Prüfig überspringe (Self-Signed)",
"settings.advanced.log_title": "Permanent gsperrti IPs", "settings.advanced.log_title": "Permanent gsperrti IPs",
"settings.advanced.log_empty": "No ke permanenti Sperrig erfasst.", "settings.advanced.log_empty": "No ke permanenti Sperrig erfasst.",
"settings.advanced.log_ip": "IP", "settings.advanced.log_ip": "IP",

18
internal/locales/en.json
View File

@@ -188,12 +188,24 @@
"settings.advanced.mikrotik.password": "SSH Password", "settings.advanced.mikrotik.password": "SSH Password",
"settings.advanced.mikrotik.key": "SSH Key Path (optional)", "settings.advanced.mikrotik.key": "SSH Key Path (optional)",
"settings.advanced.mikrotik.list": "Address List Name", "settings.advanced.mikrotik.list": "Address List Name",
"settings.advanced.pfsense.note": "Requires the pfSense API package. Use an API token that may edit aliases.", "settings.advanced.pfsense.note": "Requires the pfSense REST API package. Enter the API key and alias to manage.",
"settings.advanced.pfsense.install_link": "Install REST API Package",
"settings.advanced.pfsense.api_key_setup": "Setup API Key",
"settings.advanced.pfsense.base_url": "Base URL", "settings.advanced.pfsense.base_url": "Base URL",
"settings.advanced.pfsense.token": "API Token", "settings.advanced.pfsense.token": "API Key",
"settings.advanced.pfsense.secret": "API Secret", "settings.advanced.pfsense.token_hint": "Generate in System > REST API > Keys in pfSense webConfigurator",
"settings.advanced.pfsense.alias": "Alias Name", "settings.advanced.pfsense.alias": "Alias Name",
"settings.advanced.pfsense.skip_tls": "Skip TLS verification (self-signed)", "settings.advanced.pfsense.skip_tls": "Skip TLS verification (self-signed)",
"settings.advanced.opnsense.note": "Enter the OPNsense API credentials and alias to manage.",
"settings.advanced.opnsense.api_docs": "API Documentation",
"settings.advanced.opnsense.api_key_setup": "Setup API Key",
"settings.advanced.opnsense.base_url": "Base URL",
"settings.advanced.opnsense.key": "API Key",
"settings.advanced.opnsense.key_hint": "Generate in System > Access > Users > API Keys",
"settings.advanced.opnsense.secret": "API Secret",
"settings.advanced.opnsense.secret_hint": "Generate together with API key",
"settings.advanced.opnsense.alias": "Alias Name",
"settings.advanced.opnsense.skip_tls": "Skip TLS verification (self-signed)",
"settings.advanced.log_title": "Permanent Block Log", "settings.advanced.log_title": "Permanent Block Log",
"settings.advanced.log_empty": "No permanent blocks recorded yet.", "settings.advanced.log_empty": "No permanent blocks recorded yet.",
"settings.advanced.log_ip": "IP", "settings.advanced.log_ip": "IP",

18
internal/locales/es.json
View File

@@ -188,12 +188,24 @@
"settings.advanced.mikrotik.password": "Contraseña SSH", "settings.advanced.mikrotik.password": "Contraseña SSH",
"settings.advanced.mikrotik.key": "Ruta de la clave SSH (opcional)", "settings.advanced.mikrotik.key": "Ruta de la clave SSH (opcional)",
"settings.advanced.mikrotik.list": "Nombre de la lista", "settings.advanced.mikrotik.list": "Nombre de la lista",
"settings.advanced.pfsense.note": "Requiere el paquete de API de pfSense. Usa un token con acceso a alias.", "settings.advanced.pfsense.note": "Requiere el paquete REST API de pfSense. Introduce la clave API y el alias a gestionar.",
"settings.advanced.pfsense.install_link": "Instalar paquete REST API",
"settings.advanced.pfsense.api_key_setup": "Configurar clave API",
"settings.advanced.pfsense.base_url": "URL base", "settings.advanced.pfsense.base_url": "URL base",
"settings.advanced.pfsense.token": "Token API", "settings.advanced.pfsense.token": "Clave API",
"settings.advanced.pfsense.secret": "Secreto API", "settings.advanced.pfsense.token_hint": "Generar en Sistema > REST API > Keys en el webConfigurator de pfSense",
"settings.advanced.pfsense.alias": "Nombre del alias", "settings.advanced.pfsense.alias": "Nombre del alias",
"settings.advanced.pfsense.skip_tls": "Omitir verificación TLS (autofirmado)", "settings.advanced.pfsense.skip_tls": "Omitir verificación TLS (autofirmado)",
"settings.advanced.opnsense.note": "Introduce las credenciales API de OPNsense y el alias a gestionar.",
"settings.advanced.opnsense.api_docs": "Documentación API",
"settings.advanced.opnsense.api_key_setup": "Configurar clave API",
"settings.advanced.opnsense.base_url": "URL base",
"settings.advanced.opnsense.key": "Clave API",
"settings.advanced.opnsense.key_hint": "Generar en Sistema > Acceso > Usuarios > Claves API",
"settings.advanced.opnsense.secret": "Secreto API",
"settings.advanced.opnsense.secret_hint": "Generar junto con la clave API",
"settings.advanced.opnsense.alias": "Nombre del alias",
"settings.advanced.opnsense.skip_tls": "Omitir verificación TLS (autofirmado)",
"settings.advanced.log_title": "Registro de bloqueos permanentes", "settings.advanced.log_title": "Registro de bloqueos permanentes",
"settings.advanced.log_empty": "Aún no hay bloqueos permanentes.", "settings.advanced.log_empty": "Aún no hay bloqueos permanentes.",
"settings.advanced.log_ip": "IP", "settings.advanced.log_ip": "IP",

20
internal/locales/fr.json
View File

@@ -188,12 +188,24 @@
"settings.advanced.mikrotik.password": "Mot de passe SSH", "settings.advanced.mikrotik.password": "Mot de passe SSH",
"settings.advanced.mikrotik.key": "Chemin de clé SSH (optionnel)", "settings.advanced.mikrotik.key": "Chemin de clé SSH (optionnel)",
"settings.advanced.mikrotik.list": "Nom de la liste", "settings.advanced.mikrotik.list": "Nom de la liste",
"settings.advanced.pfsense.note": "Nécessite le paquet API pfSense. Utiliser un jeton ayant accès aux alias.", "settings.advanced.pfsense.note": "Nécessite le paquet REST API pfSense. Entrez la clé API et l'alias à gérer.",
"settings.advanced.pfsense.install_link": "Installer le paquet REST API",
"settings.advanced.pfsense.api_key_setup": "Configurer la clé API",
"settings.advanced.pfsense.base_url": "URL de base", "settings.advanced.pfsense.base_url": "URL de base",
"settings.advanced.pfsense.token": "Jeton API", "settings.advanced.pfsense.token": "Clé API",
"settings.advanced.pfsense.secret": "Secret API", "settings.advanced.pfsense.token_hint": "Générer dans Système > REST API > Keys dans le webConfigurator pfSense",
"settings.advanced.pfsense.alias": "Nom dalias", "settings.advanced.pfsense.alias": "Nom d'alias",
"settings.advanced.pfsense.skip_tls": "Ignorer la vérification TLS (auto-signé)", "settings.advanced.pfsense.skip_tls": "Ignorer la vérification TLS (auto-signé)",
"settings.advanced.opnsense.note": "Entrez les identifiants API OPNsense et l'alias à gérer.",
"settings.advanced.opnsense.api_docs": "Documentation API",
"settings.advanced.opnsense.api_key_setup": "Configurer la clé API",
"settings.advanced.opnsense.base_url": "URL de base",
"settings.advanced.opnsense.key": "Clé API",
"settings.advanced.opnsense.key_hint": "Générer dans Système > Accès > Utilisateurs > Clés API",
"settings.advanced.opnsense.secret": "Secret API",
"settings.advanced.opnsense.secret_hint": "Générer avec la clé API",
"settings.advanced.opnsense.alias": "Nom d'alias",
"settings.advanced.opnsense.skip_tls": "Ignorer la vérification TLS (auto-signé)",
"settings.advanced.log_title": "Journal des blocages permanents", "settings.advanced.log_title": "Journal des blocages permanents",
"settings.advanced.log_empty": "Aucun blocage permanent pour le moment.", "settings.advanced.log_empty": "Aucun blocage permanent pour le moment.",
"settings.advanced.log_ip": "IP", "settings.advanced.log_ip": "IP",

18
internal/locales/it.json
View File

@@ -188,12 +188,24 @@
"settings.advanced.mikrotik.password": "Password SSH", "settings.advanced.mikrotik.password": "Password SSH",
"settings.advanced.mikrotik.key": "Percorso chiave SSH (opzionale)", "settings.advanced.mikrotik.key": "Percorso chiave SSH (opzionale)",
"settings.advanced.mikrotik.list": "Nome della lista", "settings.advanced.mikrotik.list": "Nome della lista",
"settings.advanced.pfsense.note": "Richiede il pacchetto API di pfSense. Usa un token con accesso agli alias.", "settings.advanced.pfsense.note": "Richiede il pacchetto REST API di pfSense. Inserisci la chiave API e l'alias da gestire.",
"settings.advanced.pfsense.install_link": "Installa pacchetto REST API",
"settings.advanced.pfsense.api_key_setup": "Configura chiave API",
"settings.advanced.pfsense.base_url": "URL base", "settings.advanced.pfsense.base_url": "URL base",
"settings.advanced.pfsense.token": "Token API", "settings.advanced.pfsense.token": "Chiave API",
"settings.advanced.pfsense.secret": "Segreto API", "settings.advanced.pfsense.token_hint": "Genera in Sistema > REST API > Keys nel webConfigurator di pfSense",
"settings.advanced.pfsense.alias": "Nome alias", "settings.advanced.pfsense.alias": "Nome alias",
"settings.advanced.pfsense.skip_tls": "Ignora verifica TLS (auto-firmato)", "settings.advanced.pfsense.skip_tls": "Ignora verifica TLS (auto-firmato)",
"settings.advanced.opnsense.note": "Inserisci le credenziali API di OPNsense e l'alias da gestire.",
"settings.advanced.opnsense.api_docs": "Documentazione API",
"settings.advanced.opnsense.api_key_setup": "Configura chiave API",
"settings.advanced.opnsense.base_url": "URL base",
"settings.advanced.opnsense.key": "Chiave API",
"settings.advanced.opnsense.key_hint": "Genera in Sistema > Accesso > Utenti > Chiavi API",
"settings.advanced.opnsense.secret": "Segreto API",
"settings.advanced.opnsense.secret_hint": "Genera insieme alla chiave API",
"settings.advanced.opnsense.alias": "Nome alias",
"settings.advanced.opnsense.skip_tls": "Ignora verifica TLS (auto-firmato)",
"settings.advanced.log_title": "Registro dei blocchi permanenti", "settings.advanced.log_title": "Registro dei blocchi permanenti",
"settings.advanced.log_empty": "Nessun blocco permanente ancora registrato.", "settings.advanced.log_empty": "Nessun blocco permanente ancora registrato.",
"settings.advanced.log_ip": "IP", "settings.advanced.log_ip": "IP",

16
pkg/web/handlers.go
View File

@@ -1424,9 +1424,8 @@ func ListPermanentBlocksHandler(c *gin.Context) {
// AdvancedActionsTestHandler allows manual block/unblock tests. // AdvancedActionsTestHandler allows manual block/unblock tests.
func AdvancedActionsTestHandler(c *gin.Context) { func AdvancedActionsTestHandler(c *gin.Context) {
var req struct { var req struct {
Action string `json:"action"` Action string `json:"action"`
IP string `json:"ip"` IP string `json:"ip"`
ServerID string `json:"serverId"`
} }
if err := c.ShouldBindJSON(&req); err != nil { if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"}) c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"})
@@ -1449,7 +1448,7 @@ func AdvancedActionsTestHandler(c *gin.Context) {
// Check if integration is configured // Check if integration is configured
if settings.AdvancedActions.Integration == "" { if settings.AdvancedActions.Integration == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "no integration configured. Please configure an integration (MikroTik or pfSense) in Advanced Actions settings first"}) c.JSON(http.StatusBadRequest, gin.H{"error": "no integration configured. Please configure an integration (MikroTik, pfSense, or OPNsense) in Advanced Actions settings first"})
return return
} }
@@ -1466,15 +1465,8 @@ func AdvancedActionsTestHandler(c *gin.Context) {
return return
} }
// Advanced actions work globally, not per server
server := config.Fail2banServer{} server := config.Fail2banServer{}
if req.ServerID != "" {
if srv, ok := config.GetServerByID(req.ServerID); ok {
server = srv
} else {
c.JSON(http.StatusBadRequest, gin.H{"error": "server not found"})
return
}
}
// Check if IP is already blocked before attempting action (for block action only) // Check if IP is already blocked before attempting action (for block action only)
skipLoggingIfAlreadyBlocked := false skipLoggingIfAlreadyBlocked := false

2
pkg/web/static/fail2ban-ui.css
View File

@@ -314,7 +314,7 @@ mark {
} }
} }
#advancedMikrotikFields, #advancedPfSenseFields { #advancedMikrotikFields, #advancedPfSenseFields, #advancedOPNsenseFields {
padding: 10px; padding: 10px;
} }

56
pkg/web/templates/index.html
View File

@@ -274,6 +274,7 @@
<option value="" data-i18n="settings.advanced.integration_none">Select integration</option> <option value="" data-i18n="settings.advanced.integration_none">Select integration</option>
<option value="mikrotik">Mikrotik</option> <option value="mikrotik">Mikrotik</option>
<option value="pfsense">pfSense</option> <option value="pfsense">pfSense</option>
<option value="opnsense">OPNsense</option>
</select> </select>
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.integration_hint">Choose where permanent bans should be synchronized.</p> <p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.integration_hint">Choose where permanent bans should be synchronized.</p>
</div> </div>
@@ -309,19 +310,21 @@
</div> </div>
<div id="advancedPfSenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50"> <div id="advancedPfSenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50">
<p class="text-sm text-gray-500" data-i18n="settings.advanced.pfsense.note">Requires the pfSense API package. Enter the API credentials and alias to manage.</p> <p class="text-sm text-gray-500 mb-3" data-i18n="settings.advanced.pfsense.note">Requires the pfSense REST API package. Enter the API key and alias to manage.</p>
<div class="mb-3 text-sm">
<a href="https://github.com/jaredhendrickson13/pfsense-api/releases" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.pfsense.install_link">Install REST API Package</a>
<span class="text-gray-500 mx-2"></span>
<a href="https://pfrest.org/AUTHENTICATION_AND_AUTHORIZATION/" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.pfsense.api_key_setup">Setup API Key</a>
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4"> <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div class="md:col-span-2"> <div class="md:col-span-2">
<label class="block text-sm font-medium text-gray-700" for="pfSenseBaseURL" data-i18n="settings.advanced.pfsense.base_url">Base URL</label> <label class="block text-sm font-medium text-gray-700" for="pfSenseBaseURL" data-i18n="settings.advanced.pfsense.base_url">Base URL</label>
<input id="pfSenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local"> <input id="pfSenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local">
</div> </div>
<div> <div class="md:col-span-2">
<label class="block text-sm font-medium text-gray-700" for="pfSenseToken" data-i18n="settings.advanced.pfsense.token">API Token</label> <label class="block text-sm font-medium text-gray-700" for="pfSenseToken" data-i18n="settings.advanced.pfsense.token">API Key</label>
<input id="pfSenseToken" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500"> <input id="pfSenseToken" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API key from System > REST API > Keys">
</div> <p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.pfsense.token_hint">Generate in System > REST API > Keys in pfSense webConfigurator</p>
<div>
<label class="block text-sm font-medium text-gray-700" for="pfSenseSecret" data-i18n="settings.advanced.pfsense.secret">API Secret</label>
<input id="pfSenseSecret" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
</div> </div>
<div> <div>
<label class="block text-sm font-medium text-gray-700" for="pfSenseAlias" data-i18n="settings.advanced.pfsense.alias">Alias Name</label> <label class="block text-sm font-medium text-gray-700" for="pfSenseAlias" data-i18n="settings.advanced.pfsense.alias">Alias Name</label>
@@ -333,6 +336,37 @@
</div> </div>
</div> </div>
</div> </div>
<div id="advancedOPNsenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50">
<p class="text-sm text-gray-500 mb-3" data-i18n="settings.advanced.opnsense.note">Enter the OPNsense API credentials and alias to manage.</p>
<div class="mb-3 text-sm">
<a href="https://docs.opnsense.org/development/api.html" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.opnsense.api_docs">API Documentation</a>
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div class="md:col-span-2">
<label class="block text-sm font-medium text-gray-700" for="opnsenseBaseURL" data-i18n="settings.advanced.opnsense.base_url">Base URL</label>
<input id="opnsenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local">
</div>
<div>
<label class="block text-sm font-medium text-gray-700" for="opnsenseKey" data-i18n="settings.advanced.opnsense.key">API Key</label>
<input id="opnsenseKey" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API key">
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.opnsense.key_hint">Generate in System > Access > Users > API Keys</p>
</div>
<div>
<label class="block text-sm font-medium text-gray-700" for="opnsenseSecret" data-i18n="settings.advanced.opnsense.secret">API Secret</label>
<input id="opnsenseSecret" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API secret">
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.opnsense.secret_hint">Generate together with API key</p>
</div>
<div>
<label class="block text-sm font-medium text-gray-700" for="opnsenseAlias" data-i18n="settings.advanced.opnsense.alias">Alias Name</label>
<input id="opnsenseAlias" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
</div>
<div class="flex items-center">
<input type="checkbox" id="opnsenseSkipTLS" class="h-4 w-4 text-blue-600 border-gray-300 rounded">
<label for="opnsenseSkipTLS" class="ml-2 text-sm text-gray-700" data-i18n="settings.advanced.opnsense.skip_tls">Skip TLS verification (self-signed)</label>
</div>
</div>
</div>
</div> </div>
<div class="mt-6"> <div class="mt-6">
@@ -1203,12 +1237,6 @@
<label for="advancedTestIP" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_ip">IP address</label> <label for="advancedTestIP" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_ip">IP address</label>
<input type="text" id="advancedTestIP" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="203.0.113.10"> <input type="text" id="advancedTestIP" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="203.0.113.10">
</div> </div>
<div>
<label for="advancedTestServer" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_server">Optional server</label>
<select id="advancedTestServer" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
<option value="" data-i18n="settings.advanced.test_server_none">Use global integration settings</option>
</select>
</div>
</div> </div>
</div> </div>
</div> </div>